Ok, allright, I'm not an expert but common sense suggests me to say:
First of all you should do a search through those forums: php, mysql and security, just to read something and clear (or mess up more) your ideas.
Then you should do a security assessment on your business.
I mean, ask yourself what kind of data you are collecting, what does the law say about what you are doing, how the owners of data could be hurt in case of ... and how their lawyers can strike back at you and so on ....
Then do another assessment on your system, i.e. can the box be stolen (phisically) can the operating system be hacked, security holes in applications ...

The php - mysql communication, if they are on the same server, is secure as long as no one gets into your system, that's why you need an assessment.
It's not the deep background, it's a must to avoid wasting time and obtaining some real security, without you risk of doing like those guys who buy an antivirus and then do not update virus definitions, or whorse, choose the wrong time interval to check for updates (!!!) ...

As to your second configuration (web server and MySQL server on seperate machines): it depends....

Seriously, if the machines are behind the same switch than it should not be necessary to have a secure (encrypted) connection since no packets passing between the two will be sent beyond the switch. This does assume that you have complete control over any other devices connected to the same switch.

However, should the two machines be connecting via the internet, then a secure connection would be necessary for transferring sensitive data.

Well, I could but it wouldn't be very useful as I haven't much experience with it. The thing to do would be to check the docs of your OS as it is a kernal option and has to be set at compile time for *nixes. If you are using an MS OS there are several commercial options that you can use. PGPnet comes to mind...

machines on the same switch

You shouldn’t rely on a switch to provide security for your network. The intent behind a switch is to optimize network bandwidth not security. It is true that most common packet sniffers will not work across switches but there are several tools around that will and depending on the type if switch you have there are varying degrees of difficulty for an attacker to make these tools work.

There are some good articles online to this effect, if you look try google.